Bug Bounty Basics
Vulnerabilities and Bug Bounties:
What is a Vulnerability?
A vulnerability is a weakness or mistake in a website, web app, API, or system that allows an attacker to:
· Do something they are not allowed to do
· Access data they should not see
· Modify or delete other users' data
· Bypass security rules
What is a Bug Bounty?
A bug bounty is a reward given by a company when you:
1. Ethically find a vulnerability
2. Report it responsibly
3. Follow program rules
Client and Server:
· Client = sends requests (browser, tools)
· Server = receives requests (website, API)
What Happens When You Visit a Website:
1. You enter a URL in the browser (e.g., http://www.google.com)
2. Browser extracts the domain name (www.google.com)
3. DNS converts the domain name into an IP address
4. Browser creates a TCP connection to the server
· Port 80 → HTTP
· Port 443 → HTTPS
5. Browser sends an HTTP request
· Method (GET/POST)
· Path (/)
· Headers (Host, User-Agent, etc.)
6. Server processes the request and sends an HTTP response
· Status codes:
o 2xx → success
o 3xx → redirect
o 4xx → client error
o 5xx → server error
· Response body → HTML, JSON, files, etc.
7. Browser renders the response
· HTML → structure
· CSS → styling
· JavaScript → dynamic behaviour
8. JavaScript + DOM allow page interaction
· If an attacker can get their own JavaScript to run in the page → XSS vulnerability
dig queries DNS servers to find the IP address and other DNS records for a domain name:
Step 1: Run the command -> dig google.com

To get only the IP address: dig +short google.com

To get the IPv6 address: dig AAAA google.com

Opening a TCP connection using Netcat:
Step 1: Open a TCP connection to port 80 using Netcat -> nc <ip-address> 80

HTTP Requests:
What is an HTTP Request?
An HTTP request is a message sent by the client (browser/app/tool) to the server asking it to do something.
Every HTTP request has a request method, which tells the server:
· What action to perform
· What result is expected
The request method is one of the most important things in web security.
Why Do Request Methods Exist?
The internet connects remote computers, so servers must know:
· Is the client only reading data?
· Is it sending data?
· Is it modifying or deleting something?
That's why different HTTP methods were created.
Example: Viewing a page ≠ creating a user ≠ deleting data
Request Methods:
· GET → retrieve data (should not change anything)
· HEAD → same as GET, but the response has no body
· POST → create or perform actions
· PUT → update existing data
· DELETE → delete data
· TRACE → reflect request (debug)
· CONNECT → proxy tunneling
· OPTIONS → list allowed methods
· Browsers automatically send GET and OPTIONS requests
· Incorrect method handling can lead to:
§ CSRF
§ IDOR
§ Authorization bugs
HTTP is Stateless:
What Does "Stateless" Mean?
Stateless means: The server does not remember anything about previous requests.
Each HTTP request is:
· Independent
· Treated as a new request
· Has no built-in memory
So when a server receives a request, it:
· Does NOT know who you are
· Does NOT know what you did before
· Only knows what's inside that one request
Why Is This a Problem for Websites?
Websites need to:
· Know who is logged in
· Remember user actions
· Maintain sessions
If HTTP were truly stateless without any workaround:
· You would need to send username + password with every request
· Every page click would require re-authentication
Important Security Implication
Because HTTP is stateless:
· All required data must be sent with every request
· The server trusts what the client sends
How Do Websites Handle Stateless HTTP?
To "remember" users, websites use:
1. Cookies — Small pieces of data stored in the browser. Sent with every request.
2. Basic Authentication — Username/password sent in headers. Rarely used for modern web apps.
Bug Bounty Mindset:
Always ask:
· What is the server using to identify the user?
· Can I modify or reuse it?
· Can I send a request without cookies?
· Can I use someone else's cookie?
Most high-impact bugs come from:
· Poor session management
· Trusting client-side data
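An added example (not part of the original notes) of the points above: because HTTP is stateless, the server sees only what is inside each request, so what it uses to identify the user matters. It contrasts a handler that trusts a client-supplied `user` cookie with one that treats the cookie as a random key into server-side session state. All function names, the host `app.example` and the sample requests are constructed for illustration.

```python
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}  # server-side state: session id -> username

def login(username):
    """After a successful password check: mint an unguessable session id."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = username
    return sid

def logout(sid):
    """Server-side invalidation: the old cookie value stops working."""
    SESSIONS.pop(sid, None)

def set_cookie(sid):
    """Set-Cookie header that hands the session id to the browser."""
    return f"Set-Cookie: session={sid}; HttpOnly; Secure; SameSite=Lax; Path=/"

def request(cookie=None):
    """Constructed raw HTTP request, optionally carrying a Cookie header."""
    lines = ["GET /account HTTP/1.1", "Host: app.example"]
    if cookie:
        lines.append(f"Cookie: {cookie}")
    return "\r\n".join(lines) + "\r\n\r\n"

def cookies(raw):
    """Parse the Cookie header out of a raw request (all the server gets)."""
    for line in raw.split("\r\n\r\n", 1)[0].split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "cookie":
            return {k: m.value for k, m in SimpleCookie(value.strip()).items()}
    return {}

def whoami_weak(raw):
    """Weak: the identity itself is client-supplied data."""
    return cookies(raw).get("user")

def whoami_session(raw):
    """Hardened: the cookie is only a random key into server-side state."""
    return SESSIONS.get(cookies(raw).get("session", ""))

if __name__ == "__main__":
    sid = login("alice")
    print(set_cookie(sid))
    print("no cookie        ->", whoami_session(request()))
    print("weak, user=admin ->", whoami_weak(request("user=admin")))
    print("session cookie   ->", whoami_session(request(f"session={sid}")))
    logout(sid)
    print("after logout     ->", whoami_session(request(f"session={sid}")))
```

Only the weak handler accepts the hand-written `user=admin` cookie; the session handler returns nothing for a missing, unknown or logged-out session id.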
Contact Me 📧 Email: adii.utsav@gmail.com 🔗 LinkedIn: https://www.linkedin.com/in/aditya-kumar-3241b6286/ 💻 GitHub: https://github.com/Rememberful